Governments and Large Corporations Are Highly Susceptible to Data Breaches, Russians Hackers Prove
By David B. McGarry
Legislation introduced by many state and federal policy makers would force Americans to disclose ever more data to various private and public entities. Examples include the American Innovation and Choice Online (AICO) Act and myriad age verification proposals at the state and federal level. The App Security Project has warned ad nauseam that these proposals will expose individuals’ personal information to data breaches; no government or corporation, however large, is impervious.
This month, reports surfaced that Russian cyber gang Clop infiltrated MOVEit, a file transfer software product. Affected entities include federal agencies, state governments, academic institutions, and “several hundred” companies:
– “The Department of Energy is among multiple federal agencies breached in the ongoing global hacking campaign,” CNN reports.
– “Everyone with a Louisiana driver’s license or state ID likely had their personal information exposed,” Axios reports.
– “The identities of approximately 3.5 million Oregonians are at risk,” KOIN news reports.
– Lousiana’s Office of Motor Vehicles “believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had…data exposed to the cyber attackers.”
– “The number of victims of the MOVEit hack grew by several million…after the biggest U.S. pension fund, [California Public Employees’ Retirement System], and insurer Genworth Financial said personal information of their members and customers had been compromised,” Reuters reports.
Other reported victims include Shell Global, the provincial government of Nova Scotia, Johns Hopkins University, the University System of Georgia, the New York City Department of Education, Allegiant Air, UCLA, consultancy firm Ernst and Young, Sony, and perhaps the British Broadcasting Company (BBC).
Even the most privacy conscious folks cannot achieve total security in the digital world any more than in the physical one. However, policymakers ought to avoid magnifying security risks whenever possible.
Published on June 29, 2023